当前位置导航:炫浪网>>网络学院>>网页制作>>PHP教程

PHP 5.2.14 和 5.3.3 同时发布

  PHP 5.2.14 的改进内容:

  改进内容:

  Upgraded bundled PCRE to version 8.02.

  Updated timezone database to version 2010.5.

  Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).

  Fixed bug #52237 (Crash when passing the reference of the property of a non-object).

  Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).

  Fixed bug #51822 (Segfault with strange __destruct() for static class variables).

  Fixed bug #51552 (debug_backtrace() causes segmentation fault and/or memory issues).

  Fixed bug #49267 (Linking fails for iconv on MacOS: "Undefined symbols: _libiconv").

  安全方面问题:

  Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs.

  Fixed a possible interruption array leak in strrchr().(CVE-2010-2484)

  Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim().

  Fixed a possible memory corruption in substr_replace().

  Fixed SplObjectStorage unserialization problems (CVE-2010-2225).

  Fixed a possible stack exaustion inside fnmatch().

  Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).

  Fixed handling of session variable serialization on certain prefix characters.

  Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski.

  PHP 5.3.3 改进内容:

  改进内容:

  Upgraded bundled sqlite to version 3.6.23.1.

  Upgraded bundled PCRE to version 8.02.

  Added FastCGI Process Manager (FPM) SAPI.

  Added stream filter support to mcrypt extension.

  Added full_special_chars filter to ext/filter.

  Fixed a possible crash because of recursive GC invocation.

  Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).

  Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).

  Fixed bug #52060 (Memory leak when passing a closure to method_exists()).

  Fixed bug #52001 (Memory allocation problems after using variable variables).

  Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).

  Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

  安全方面改进:

  Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).

  Fixed a possible resource destruction issues in shm_put_var().

  Fixed a possible information leak because of interruption of XOR operator.

  Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.

  Fixed a possible memory corruption in ArrayObject::uasort().

  Fixed a possible memory corruption in parse_str().

  Fixed a possible memory corruption in pack().

  Fixed a possible memory corruption in substr_replace().

  Fixed a possible memory corruption in addcslashes().

  Fixed a possible stack exhaustion inside fnmatch().

  Fixed a possible dechunking filter buffer overflow.

  Fixed a possible arbitrary memory access inside sqlite extension.

  Fixed string format validation inside phar extension.

  Fixed handling of session variable serialization on certain prefix characters.

  Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).

  Fixed SplObjectStorage unserialization problems (CVE-2010-2225).

  Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.

  Fixed possible buffer overflows when handling error packets in mysqlnd.

相关内容
赞助商链接